Topic: Protect php source code

[o3d]

Does any one have a better idea to protect PHP files so that you can distribute a 'release' without the customer being able to read the source files. There are tools on the internet which costs money, BUT your are dependant on their software and if its not open source, its not trustworthy.

What I've done so far is writing an ISAPI DLL in borland cpp and installed it under iis6. Basically you call this isappi dll and it decrypts the encrypted php files and executes them respectively. It is thread safe (as is php). There are other methods available on the net that you use to encrypt your pages, BUT the decryption algorithm is found in your main php file and duh, if you can read the main file, you can easily decrypt all other files, so that is a bad idea. Any other ideas? Possibly to write a PHP extension perhaps but I have not been able to get that working on borland cpp.

[fert]

you can compile php into byte code.

[worldworld]

Try PHP Encoder to protect, encrypt and encode your PHP source code assets. Includes encryption, protection, security and obfuscation. More details are here..

[dr4g]

In the mean time i will google.
However, how would one compile into byte code.
And if someone has the byte code, are they able to reverse engineer it into PHP source.
Thanks.

[JustinMs66@hotmail.com]

i was going to create a topic on this myself. good thing i searched first ;-)
i am bumping this because i have a question:

is there a way to encrypt your php code without paying for a program that does it?

[thorpe]

is there a way to encrypt your php code without paying for a program that does it?

Write your own. I don't think there is currently any free php encrypting softwares.

[o3d]

To encrypt php source files is not the problem, the problem is that when you decrypt your php files in an extension library you will have to parse the decrypted php code to a script to be eval'ed.

sometin like this:
<?PHP
dl('cryptor.so');
eval(decryptFile('myEncryptedFile.php'));
?>

Should you want to sell this code to a customer, they can easily just echo the contents of decryptFile('filename'); and view the source. So this was a bad idea to start off with.

My next challenge is going to be to try and modify the Zend Engine to be able to accept either a normal php file or an encrypted php file. By doing this i should be able to give a customer a new php library as well as encrypted files which would not interfere with his current php files. Please give me your thoughts on this.

[phpmadman]

I have been trying to decode using base64 but was unsucessful.  What is the proper way to decode base64.  Here is the file I am trying to decode.

<?php $_F=__FILE__;$_X='P0Q+P1lUWQ0gdSoJdElySy1JeEtjWXctS31Hb3pZVFkJKnUNIElySUljdkdfSXd9S3coKTsNIA0gY0d4MXQucigndElySy1JeEtjWXctSVR9S3IuemNHeHpZVFknKTsNIA0gJC5zLUR9Li5fS31Hb2NHaigkX008TmgzJ2NCfWpyYy4nUiw2JF9NPE5oMyd9MXN0QmMuJ1IsNiRfTTxOaDMnS31Hb0p9MXRyJ1IpOw0gDSANID9E';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YL Cd1VzVQOFZrb2xjSFFTWHkyRm0gNFJ0Cnc8MGhiM11nSmpwRT ZNZjc9VT5LTGlBR3hhMXo5WmRldltuTy5zWVRESU57Q31CcXI vJywnL0QwNTN4Mms5aVZNezdacTRHCkpddUF0T0JUNltFSHZn S1ggUH04akw8cj15MW5jUWwuTndXVW9SSUZkYnBoPnNTWXphb UNlZicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi 4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

[SpireLink]

I wlunder why do you want to release an encrypted software? IMHO I would realase it open so the users will be able to develope plugins to the software that could be used as a feature in the next release just like what vBulletin did, but in the other hand protect the copyrights of the orginal code ..

[d.shankar]

I wlunder why do you want to release an encrypted software? IMHO I would realase it open so the users will be able to develope plugins to the software that could be used as a feature in the next release just like what vBulletin did, but in the other hand protect the copyrights of the orginal code ..

Hello SpireLink.. Actually the author of the topic is trying to create something more secure .. so such things have to be encrypted inorder to protect from other users..

Will this help ??

Original Code -> Base64 Encode -> DES Encrypt -> Encrypted Code [Encryption Process]

Encrypted Code -> DES Decrypt -> Base 64 Decode -> Original Code [Decryption Process]

[o3d]

Hi d.shankar,

The problem i'm still having is at some point, you will have to eval your decrypted code. At this point, any person with some php sense would be able to just echo whatever is sent to the eval function and that would be clear php text (except in obfuscation ofcourse, but can be interprete still).

What needs to be done is to modify the zend file parser process to accept two types of files, clear text php and encrypted php files (which can be identified by a possible fixed header in the encrypted file). Unfortunately this envolves serious understanding about zend (which i don't have, but am learning very quickly). You will need to give a custom php-release for each customer who will then be able to interpret your encrypted php code.

Will keep everybody updated as to my progress, but it's going slow, so anyone with more experience are welcome to help.

[d.shankar]

If you have found the solution to your problem do come and post here o3d.
So it will be really helpful.

[helraizer]

*bump*

Unless someone got access to the actual file, they can't view the php source code anyway, so why need to encrypt it, or does it mean HTML as well?

[SyncViews]

I think the problem is he doesn't want the files to be based on his site but to be "sold" to the customers (like when you buy software you get an .exe quite often which is really hard to reverse engineer and you will never get the exact source code out of it).

[devreflex2004]

If it will be possible, it will be a good news for the freelancers, so that the client cant go away without paying, because he has to come back for paying, whenever he needs enhancement.